Forums Scripts & Popups dcc exploit fix for 6.03

ok what i need is a slight amount of help on being able to check for the spaces in a dcc send of resume im sending the dcc to my script in a signal and it is effectivly blocking out the exploit ..... but what i am trying to do now is create a echo to my active window so here is what i need to run a check thru.

*** 3 SOMEuser!SOMEUSER@HOST.com_D3m0n_ DCC SEND "DCC EXPLOIT FILENAME" 0 0 0

***EDITED TO REMOVE OUT THE ACTUAL EXPLOIT***

the first number is the cid it come from the second part if the actual user then me and the dcc send and resume would be in $5 and the actual file name is in " " the other stuff is how it comes in but everyone should know that. what im wanting to know is whats going to be the fastest method of checking this is an exploit or not? basically thats all i need to have and i can release an exploit fix for this using 6.03. if anyone else wants to take a stab at this what im doing is ignoring all ctcps. then using a timer to check a hidden window.cid then sending a signal if it meets a set parameters. then using that i can do several things like send the ping reply version reply and time reply using ctcpreply. a bonus side effect is that the dcc is also picked up in this script. thus allowing me to reject the exploit. ive tried the exploit on a clean mirc and it infact does crash, i unloaded that signal script and my mirc crashed. so somehow by delaying it mirc doesnt even need to ignore the user it just rejects it on its own. like its using 6.12 or something. its really hard to explain but anyone that can help me out in this id appreciate. as using regex is probably the best method but its something im just terrible at.

This post might interest you.

not really what i need to make it work correctly. i really need to run a check on everything in " " for the number of spaces ..... if i knew regex im assuming this would be quite simple to geth that

You can use $fline() to scan a debug window for an exploit message. For example,

• $fline(@debug,/^<- :[b][/b](\S+)!\S+@\S+ privmsg (\S+) :\x01dcc (?:send|resume|accept) +\S*"(?:\S* ){35}/i,1,2)

The last parameter, 2, was introduced in v6.1 and denotes the "wildtext" parameter is a regexp. After $fline() returned a line number, you can use $regml(1) in your script to reference to the exploiter's nickname, and $regml(2) to reference to the target (you or a channel).

addition to this, since i use mirc 6.03, is there any way through scripting to protect myself or i really need to ignore all dcc's and ctcp's ?

Yes you have to ignore all DCCs, but a small script can automatically identify valid requests and create the appropriate exception. See this post.

thanx much